[Samba] Setup Samba as AD-DC with kerberos constrained delegation
- Date: Wed, 16 May 2018 15:41:28 +0530
- From: Puran Chand via samba <samba@xxxxxxxxxxxxxxx>
- Subject: [Samba] Setup Samba as AD-DC with kerberos constrained delegation
I have set up Samba as an Active Directory Domain Controller as per the steps
mentioned on the wiki page.
I have also set up the Squid proxy with Kerberos auth on another machine as per
the steps mentioned on the Squid wiki page.
However, I couldn't find any documentation for doing a KCD setup.
Here are the things I want to do:
1. Set up Squid with Kerberos auth.
2. Create a service account in the AD-DC for the squid service, as well as create a
service principal name for the squid service.
3. Create a few users and set up delegation for those users to the
service-account/service-principal-name for the squid service.
I performed the following steps:
1. Added a user using samba-tool user.
2. Joined the squid machine to the AD-DC using "net ads join".
3. Added an SPN using the command "samba-tool spn add HTTP/SQUID@DOMAIN".
So far, I can get the TGT using my application, but the AD-DC does not issue a TGS;
the following error is received by the application while requesting the service
ticket: "gss_acquire_cred_impersonate_name: Generic error (see e-text)"
I am kind of blank here. I did try a few steps using the "samba-tool
delegation" and "samba-tool spn" commands, but those got me nowhere.
It would be great if someone could list out the steps/samba-tool commands to
set up delegation for the squid service using a service account.